http://www.mandriva.com/en/
______________________________
Package : php
Date : August 6, 2014
Affected: Business Server 1.0
______________________________
Problem Description:
Multiple vulnerabilities have been discovered and corrected in php:
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL
component in PHP through 5.5.14 allows context-dependent attackers to
cause a denial of service or possibly have unspecified other impact via
crafted ArrayIterator usage within applications in certain web-hosting
environments (CVE-2014-4698).
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL
component in PHP through 5.5.14 allows context-dependent attackers to
cause a denial of service or possibly have unspecified other impact
via crafted iterator usage within applications in certain web-hosting
environments (CVE-2014-4670).
file before 5.19 does not properly restrict the amount of data read
during a regex search, which allows remote attackers to cause a
denial of service (CPU consumption) via a crafted file that triggers
backtracking during processing of an awk rule. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538).
The updated php packages have been upgraded to the 5.5.15 version
and patched to resolve these security flaws.
Additionally, the jsonc extension has been upgraded to the 1.3.6
version and the PECL packages which require it have been rebuilt
for php-5.5.15.
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://php.net/ChangeLog-5.
http://pecl.php.net/package-
______________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com